Configure user permissions
ADCM role model is designed for configuring user permissions via policies. As a result of a policy being applied the user has access only to the actions and ADCM objects that are included in that policy.
The ADCM offers a few ready-made user roles (sets of rules). You also can create your own roles in order to get the most suitable roles for your tasks.
You can find a few user permissions configuring examples below.
Configure cluster administrator permissions
Let there exist two ADCM clusters named ADH
and ADH Prod
. Let there also exist an ADCM user named user
, who belongs to the group 1
group and is not an administrator of any cluster. Create the policy that allows the user
to obtain cluster administrator permissions for the ADH
cluster.
Enter the policy name (user ADH
), select the Cluster Administrator
role, and the group 1
group.
Select the ADH
cluster.
Apply the policy by clicking Create.
After the policy is applied, the user
is able to see only the ADH
cluster in the Clusters section. The user
also has the cluster administrator permissions for the ADH
cluster.
Let there exist an ADCM user named another_user
, who belongs to the group 2
group and is also not an administrator of any cluster. Make that user the ADH Prod
cluster administrator via the actions similar to the actions above. After the policy is applied, the another_user
is able to see only the ADH Prod
cluster in the Clusters section. The another_user
also has the cluster administrator permissions for the ADH Prod
cluster.
The ADCM administrator is able to view all clusters in the system.
Configure service administrator permissions
Let there exist an ADCM cluster named ADH Prod
that has the HDFS
service among its services. Let there also exist an ADCM user named user
, who belongs to the group 1
group and is not an administrator of any service. Create the policy that allows the user
to obtain service administrator permissions for the HDFS
service in the ADH Prod
cluster.
Enter the policy name (user ADH Prod HDFS
), select the Service Administrator
role, and the group 1
group.
Select the HDFS
service in the ADH Prod
cluster.
Apply the policy by clicking Create.
After the policy is applied, the user
is able to see only the HDFS
service at the Services subsection of the ADH Prod
cluster. The user
also has the service administrator permissions for the HDFS
service.
The ADCM administrator is able to view all services of the ADH Prod
cluster.
Configure read-only permissions
The ADCM User
role allows the user to view ADCM objects along with their configurations and components, yet doesn’t allow the user to make any edits. This mode is, in fact, a read-only mode. The ADCM User
role is available when creating policies likewise in the same way as above.